diff --git a/src/Orchard.Specs/Bindings/ContentRights.cs b/src/Orchard.Specs/Bindings/ContentRights.cs index ac583022c..d796d2b09 100644 --- a/src/Orchard.Specs/Bindings/ContentRights.cs +++ b/src/Orchard.Specs/Bindings/ContentRights.cs @@ -90,7 +90,7 @@ namespace Orchard.Specs.Bindings { }); } - + // returns permissions as they are used in controllers for each action private static Permission GetPermissionForAction(string action) { switch ( action ) { case "publish": diff --git a/src/Orchard.Specs/ContentRights.feature b/src/Orchard.Specs/ContentRights.feature index fb468395f..b7fb70aab 100644 --- a/src/Orchard.Specs/ContentRights.feature +++ b/src/Orchard.Specs/ContentRights.feature 
@@ -17,6 +17,31 @@ Scenario: Users can't create a Page if they don't have the PublishContent permis And "user1" should be able to "edit" a "Page" owned by "user1" And "user1" should be able to "delete" a "Page" owned by "user1" +Scenario: Users can create a Page of others if they have PublishContent permission + Given I have installed Orchard + When I have a role "CustomRole" with permissions "PublishContent" + And I have a user "user1" with roles "CustomRole" + And I have a user "user2" with roles "Administrator" + Then "user1" should be able to "publish" a "Page" owned by "user2" + And "user1" should be able to "edit" a "Page" owned by "user2" + And "user1" should not be able to "delete" a "Page" owned by "user2" + +Scenario: Users can create a Page if they have PublishOwnContent for Page + Given I have installed Orchard + When I have a role "CustomRole" with permissions "Publish_Page" + And I have a user "user1" with roles "CustomRole" + Then "user1" should be able to "publish" a "Page" owned by "user1" + And "user1" should be able to "edit" a "Page" owned by "user1" + And "user1" should not be able to "delete" a "Page" owned by "user1" + +Scenario: Users can create and edit a Page even if they only have the PublishOwnContent permission + Given I have installed Orchard + When I have a role "CustomRole" with permissions "PublishOwnContent" + And I have a user "user1" with roles "CustomRole" + Then "user1" should be able to "publish" a "Page" owned by "user1" + And "user1" should be able to "edit" a "Page" owned by "user1" + And "user1" should not be able to "delete" a "Page" owned by "user1" + Scenario: Users can't edit a Page if they don't have the EditContent permission Given I have installed Orchard When I have a role "CustomRole" with permissions "DeleteContent" 
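Review bot: The added scenario titled "Users can create a Page if they have PublishOwnContent for Page" grants `Publish_Page`, which after this commit is the any-owner per-type permission, so the owner-only `PublishOwn_Page` is never exercised by it. Granting the own variant instead, `When I have a role "CustomRole" with permissions "PublishOwn_Page"`, would make the title true. A companion scenario asserting that the same role cannot publish or edit a Page owned by "user2" would pin the boundary this rename introduces. In the visible hunks only `DeleteOwn_Page` gets such a negative case.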
@@ -25,41 +50,15 @@ Scenario: Users can't edit a Page if they don't have the EditContent permission And "user1" should not be able to "edit" a "Page" owned by "user1" And "user1" should be able to "delete" a "Page" owned by "user1" -Scenario: Users can create and edit a Page even if they only have the PublishContent permission +Scenario: Users can't create a Page for others if they only have PublishOwnContent Given I have installed Orchard - When I have a role "CustomRole" with permissions "PublishContent" - And I have a user "user1" with roles "CustomRole" - Then "user1" should be able to "publish" a "Page" owned by "user1" - And "user1" should be able to "edit" a "Page" owned by "user1" - And "user1" should not be able to "delete" a "Page" owned by "user1" - -Scenario: Users can create a Page if they have PublishContent for Page - Given I have installed Orchard - When I have a role "CustomRole" with permissions "Publish_Page" - And I have a user "user1" with roles "CustomRole" - Then "user1" should be able to "publish" a "Page" owned by "user1" - And "user1" should be able to "edit" a "Page" owned by "user1" - And "user1" should not be able to "delete" a "Page" owned by "user1" - -Scenario: Users can't create a Page for others if they only have PublishContent - Given I have installed Orchard - When I have a role "CustomRole" with permissions "PublishContent" + When I have a role "CustomRole" with permissions "PublishOwnContent" And I have a user "user1" with roles "CustomRole" And I have a user "user2" with roles "Administrator" Then "user1" should not be able to "publish" a "Page" owned by "user2" And "user1" should not be able to "edit" a "Page" owned by "user2" And "user1" should not be able to "delete" a "Page" owned by "user2" -Scenario: Users can create a Page for others if they have PublishOthersContent - Given I have installed Orchard - When I have a role "CustomRole" with permissions "PublishOthersContent" - And I have a user "user1" with roles 
"CustomRole" - And I have a user "user2" with roles "Administrator" - Then "user1" should be able to "publish" a "Page" owned by "user2" - And "user1" should be able to "edit" a "Page" owned by "user2" - And "user1" should not be able to "delete" a "Page" owned by "user2" - - Scenario: Users can't create a Page for others if they only have Publish_Page Given I have installed Orchard When I have a role "CustomRole" with permissions "Publish_Page" 
@@ -69,20 +68,30 @@ Scenario: Users can't create a Page for others if they only have Publish_Page And "user1" should be able to "edit" a "Page" owned by "user2" And "user1" should not be able to "delete" a "Page" owned by "user2" -Scenario: Users can create a Page for others if they only have PublishOthers_Page +Scenario: Users can create a Page for others if they only have Publish_Page Given I have installed Orchard - When I have a role "CustomRole" with permissions "PublishOthers_Page" + When I have a role "CustomRole" with permissions "Publish_Page" And I have a user "user1" with roles "CustomRole" And I have a user "user2" with roles "Administrator" Then "user1" should be able to "publish" a "Page" owned by "user2" And "user1" should be able to "edit" a "Page" owned by "user2" And "user1" should not be able to "delete" a "Page" owned by "user2" -Scenario: Users can delete a Page for others if they only have DeleteOthers_Page +Scenario: Users can delete a Page for others if they only have Delete_Page Given I have installed Orchard - When I have a role "CustomRole" with permissions "DeleteOthers_Page" + When I have a role "CustomRole" with permissions "Delete_Page" And I have a user "user1" with roles "CustomRole" And I have a user "user2" with roles "Administrator" Then "user1" should not be able to "publish" a "Page" owned by "user2" And "user1" should not be able to "edit" a "Page" owned by "user2" And "user1" should be able to "delete" a "Page" owned by "user2" + + +Scenario: Users can't delete a Page for others if they only have DeleteOwn_Page + Given I have installed Orchard + When I have a role "CustomRole" with permissions "DeleteOwn_Page" + And I have a user "user1" with roles "CustomRole" + And I have a user "user2" with roles "Administrator" + Then "user1" should not be able to "publish" a "Page" owned by "user2" + And "user1" should not be able to "edit" a "Page" owned by "user2" + And "user1" should not be able to "delete" a "Page" owned by "user2" 
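Review bot: The renamed scenario "Users can create a Page for others if they only have Publish_Page" now repeats the unchanged scenario just above it, whose title still reads "Users can't create a Page for others if they only have Publish_Page" while its steps assert that "user1" should be able to edit a Page owned by "user2". An authorization spec whose title contradicts its assertions is easy to misread as proof that a restriction is enforced. Either drop the duplicate, or turn the older scenario into the real negative case by granting `PublishOwn_Page` and expecting `should not be able to "publish"` and `should not be able to "edit"` for the Page owned by "user2". The older scenario starts outside this hunk, so its title line would need to change there.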
diff --git a/src/Orchard.Specs/ContentRights.feature.cs b/src/Orchard.Specs/ContentRights.feature.cs
index 3aa3a7689..5991ae5a4 100644
--- a/src/Orchard.Specs/ContentRights.feature.cs
+++ b/src/Orchard.Specs/ContentRights.feature.cs
@@ -96,120 +96,120 @@ testRunner.And("\"user1\" should be able to \"delete\" a \"Page\" owned by \"use } [NUnit.Framework.TestAttribute()] - [NUnit.Framework.DescriptionAttribute("Users can\'t edit a Page if they don\'t have the EditContent permission")] - public virtual void UsersCanTEditAPageIfTheyDonTHaveTheEditContentPermission() + [NUnit.Framework.DescriptionAttribute("Users can create a Page of others if they have PublishContent permission")] + public virtual void UsersCanCreateAPageOfOthersIfTheyHavePublishContentPermission() { - TechTalk.SpecFlow.ScenarioInfo scenarioInfo = new TechTalk.SpecFlow.ScenarioInfo("Users can\'t edit a Page if they don\'t have the EditContent permission", ((string[])(null))); + TechTalk.SpecFlow.ScenarioInfo scenarioInfo = new TechTalk.SpecFlow.ScenarioInfo("Users can create a Page of others if they have PublishContent permission", ((string[])(null))); #line 20 this.ScenarioSetup(scenarioInfo); #line 21 testRunner.Given("I have installed Orchard"); #line 22 -testRunner.When("I have a role \"CustomRole\" with permissions \"DeleteContent\""); +testRunner.When("I have a role \"CustomRole\" with permissions \"PublishContent\""); #line 23 testRunner.And("I have a user \"user1\" with roles \"CustomRole\""); #line 24 -testRunner.Then("\"user1\" should not be able to \"publish\" a \"Page\" owned by \"user1\""); -#line 25 -testRunner.And("\"user1\" should not be able to \"edit\" a \"Page\" owned by \"user1\""); -#line 26 -testRunner.And("\"user1\" should be able to \"delete\" a \"Page\" owned by \"user1\""); -#line hidden - testRunner.CollectScenarioErrors(); - } - - [NUnit.Framework.TestAttribute()] - [NUnit.Framework.DescriptionAttribute("Users can create and edit a Page even if they only have the PublishContent permis" + - "sion")] - public virtual void UsersCanCreateAndEditAPageEvenIfTheyOnlyHaveThePublishContentPermission() - { - TechTalk.SpecFlow.ScenarioInfo scenarioInfo = new TechTalk.SpecFlow.ScenarioInfo("Users can create and 
edit a Page even if they only have the PublishContent permis" + - "sion", ((string[])(null))); -#line 28 -this.ScenarioSetup(scenarioInfo); -#line 29 -testRunner.Given("I have installed Orchard"); -#line 30 -testRunner.When("I have a role \"CustomRole\" with permissions \"PublishContent\""); -#line 31 -testRunner.And("I have a user \"user1\" with roles \"CustomRole\""); -#line 32 -testRunner.Then("\"user1\" should be able to \"publish\" a \"Page\" owned by \"user1\""); -#line 33 -testRunner.And("\"user1\" should be able to \"edit\" a \"Page\" owned by \"user1\""); -#line 34 -testRunner.And("\"user1\" should not be able to \"delete\" a \"Page\" owned by \"user1\""); -#line hidden - testRunner.CollectScenarioErrors(); - } - - [NUnit.Framework.TestAttribute()] - [NUnit.Framework.DescriptionAttribute("Users can create a Page if they have PublishContent for Page")] - public virtual void UsersCanCreateAPageIfTheyHavePublishContentForPage() - { - TechTalk.SpecFlow.ScenarioInfo scenarioInfo = new TechTalk.SpecFlow.ScenarioInfo("Users can create a Page if they have PublishContent for Page", ((string[])(null))); -#line 36 -this.ScenarioSetup(scenarioInfo); -#line 37 -testRunner.Given("I have installed Orchard"); -#line 38 -testRunner.When("I have a role \"CustomRole\" with permissions \"Publish_Page\""); -#line 39 -testRunner.And("I have a user \"user1\" with roles \"CustomRole\""); -#line 40 -testRunner.Then("\"user1\" should be able to \"publish\" a \"Page\" owned by \"user1\""); -#line 41 -testRunner.And("\"user1\" should be able to \"edit\" a \"Page\" owned by \"user1\""); -#line 42 -testRunner.And("\"user1\" should not be able to \"delete\" a \"Page\" owned by \"user1\""); -#line hidden - testRunner.CollectScenarioErrors(); - } - - [NUnit.Framework.TestAttribute()] - [NUnit.Framework.DescriptionAttribute("Users can\'t create a Page for others if they only have PublishContent")] - public virtual void UsersCanTCreateAPageForOthersIfTheyOnlyHavePublishContent() - { - 
TechTalk.SpecFlow.ScenarioInfo scenarioInfo = new TechTalk.SpecFlow.ScenarioInfo("Users can\'t create a Page for others if they only have PublishContent", ((string[])(null))); -#line 44 -this.ScenarioSetup(scenarioInfo); -#line 45 -testRunner.Given("I have installed Orchard"); -#line 46 -testRunner.When("I have a role \"CustomRole\" with permissions \"PublishContent\""); -#line 47 -testRunner.And("I have a user \"user1\" with roles \"CustomRole\""); -#line 48 testRunner.And("I have a user \"user2\" with roles \"Administrator\""); -#line 49 -testRunner.Then("\"user1\" should not be able to \"publish\" a \"Page\" owned by \"user2\""); -#line 50 -testRunner.And("\"user1\" should not be able to \"edit\" a \"Page\" owned by \"user2\""); -#line 51 +#line 25 +testRunner.Then("\"user1\" should be able to \"publish\" a \"Page\" owned by \"user2\""); +#line 26 +testRunner.And("\"user1\" should be able to \"edit\" a \"Page\" owned by \"user2\""); +#line 27 testRunner.And("\"user1\" should not be able to \"delete\" a \"Page\" owned by \"user2\""); #line hidden testRunner.CollectScenarioErrors(); } [NUnit.Framework.TestAttribute()] - [NUnit.Framework.DescriptionAttribute("Users can create a Page for others if they have PublishOthersContent")] - public virtual void UsersCanCreateAPageForOthersIfTheyHavePublishOthersContent() + [NUnit.Framework.DescriptionAttribute("Users can create a Page if they have PublishOwnContent for Page")] + public virtual void UsersCanCreateAPageIfTheyHavePublishOwnContentForPage() { - TechTalk.SpecFlow.ScenarioInfo scenarioInfo = new TechTalk.SpecFlow.ScenarioInfo("Users can create a Page for others if they have PublishOthersContent", ((string[])(null))); + TechTalk.SpecFlow.ScenarioInfo scenarioInfo = new TechTalk.SpecFlow.ScenarioInfo("Users can create a Page if they have PublishOwnContent for Page", ((string[])(null))); +#line 29 +this.ScenarioSetup(scenarioInfo); +#line 30 +testRunner.Given("I have installed Orchard"); +#line 31 +testRunner.When("I 
have a role \"CustomRole\" with permissions \"Publish_Page\""); +#line 32 +testRunner.And("I have a user \"user1\" with roles \"CustomRole\""); +#line 33 +testRunner.Then("\"user1\" should be able to \"publish\" a \"Page\" owned by \"user1\""); +#line 34 +testRunner.And("\"user1\" should be able to \"edit\" a \"Page\" owned by \"user1\""); +#line 35 +testRunner.And("\"user1\" should not be able to \"delete\" a \"Page\" owned by \"user1\""); +#line hidden + testRunner.CollectScenarioErrors(); + } + + [NUnit.Framework.TestAttribute()] + [NUnit.Framework.DescriptionAttribute("Users can create and edit a Page even if they only have the PublishOwnContent per" + + "mission")] + public virtual void UsersCanCreateAndEditAPageEvenIfTheyOnlyHaveThePublishOwnContentPermission() + { + TechTalk.SpecFlow.ScenarioInfo scenarioInfo = new TechTalk.SpecFlow.ScenarioInfo("Users can create and edit a Page even if they only have the PublishOwnContent per" + + "mission", ((string[])(null))); +#line 37 +this.ScenarioSetup(scenarioInfo); +#line 38 +testRunner.Given("I have installed Orchard"); +#line 39 +testRunner.When("I have a role \"CustomRole\" with permissions \"PublishOwnContent\""); +#line 40 +testRunner.And("I have a user \"user1\" with roles \"CustomRole\""); +#line 41 +testRunner.Then("\"user1\" should be able to \"publish\" a \"Page\" owned by \"user1\""); +#line 42 +testRunner.And("\"user1\" should be able to \"edit\" a \"Page\" owned by \"user1\""); +#line 43 +testRunner.And("\"user1\" should not be able to \"delete\" a \"Page\" owned by \"user1\""); +#line hidden + testRunner.CollectScenarioErrors(); + } + + [NUnit.Framework.TestAttribute()] + [NUnit.Framework.DescriptionAttribute("Users can\'t edit a Page if they don\'t have the EditContent permission")] + public virtual void UsersCanTEditAPageIfTheyDonTHaveTheEditContentPermission() + { + TechTalk.SpecFlow.ScenarioInfo scenarioInfo = new TechTalk.SpecFlow.ScenarioInfo("Users can\'t edit a Page if they don\'t have the 
EditContent permission", ((string[])(null))); +#line 45 +this.ScenarioSetup(scenarioInfo); +#line 46 +testRunner.Given("I have installed Orchard"); +#line 47 +testRunner.When("I have a role \"CustomRole\" with permissions \"DeleteContent\""); +#line 48 +testRunner.And("I have a user \"user1\" with roles \"CustomRole\""); +#line 49 +testRunner.Then("\"user1\" should not be able to \"publish\" a \"Page\" owned by \"user1\""); +#line 50 +testRunner.And("\"user1\" should not be able to \"edit\" a \"Page\" owned by \"user1\""); +#line 51 +testRunner.And("\"user1\" should be able to \"delete\" a \"Page\" owned by \"user1\""); +#line hidden + testRunner.CollectScenarioErrors(); + } + + [NUnit.Framework.TestAttribute()] + [NUnit.Framework.DescriptionAttribute("Users can\'t create a Page for others if they only have PublishOwnContent")] + public virtual void UsersCanTCreateAPageForOthersIfTheyOnlyHavePublishOwnContent() + { + TechTalk.SpecFlow.ScenarioInfo scenarioInfo = new TechTalk.SpecFlow.ScenarioInfo("Users can\'t create a Page for others if they only have PublishOwnContent", ((string[])(null))); #line 53 this.ScenarioSetup(scenarioInfo); #line 54 testRunner.Given("I have installed Orchard"); #line 55 -testRunner.When("I have a role \"CustomRole\" with permissions \"PublishOthersContent\""); +testRunner.When("I have a role \"CustomRole\" with permissions \"PublishOwnContent\""); #line 56 testRunner.And("I have a user \"user1\" with roles \"CustomRole\""); #line 57 testRunner.And("I have a user \"user2\" with roles \"Administrator\""); #line 58 -testRunner.Then("\"user1\" should be able to \"publish\" a \"Page\" owned by \"user2\""); +testRunner.Then("\"user1\" should not be able to \"publish\" a \"Page\" owned by \"user2\""); #line 59 -testRunner.And("\"user1\" should be able to \"edit\" a \"Page\" owned by \"user2\""); +testRunner.And("\"user1\" should not be able to \"edit\" a \"Page\" owned by \"user2\""); #line 60 testRunner.And("\"user1\" should not be able to 
\"delete\" a \"Page\" owned by \"user2\""); #line hidden 
@@ -221,72 +221,97 @@ testRunner.And("\"user1\" should not be able to \"delete\" a \"Page\" owned by \ public virtual void UsersCanTCreateAPageForOthersIfTheyOnlyHavePublish_Page() { TechTalk.SpecFlow.ScenarioInfo scenarioInfo = new TechTalk.SpecFlow.ScenarioInfo("Users can\'t create a Page for others if they only have Publish_Page", ((string[])(null))); +#line 62 +this.ScenarioSetup(scenarioInfo); #line 63 -this.ScenarioSetup(scenarioInfo); +testRunner.Given("I have installed Orchard"); #line 64 -testRunner.Given("I have installed Orchard"); -#line 65 testRunner.When("I have a role \"CustomRole\" with permissions \"Publish_Page\""); +#line 65 +testRunner.And("I have a user \"user1\" with roles \"CustomRole\""); #line 66 -testRunner.And("I have a user \"user1\" with roles \"CustomRole\""); +testRunner.And("I have a user \"user2\" with roles \"Administrator\""); #line 67 -testRunner.And("I have a user \"user2\" with roles \"Administrator\""); +testRunner.Then("\"user1\" should be able to \"publish\" a \"Page\" owned by \"user2\""); #line 68 -testRunner.Then("\"user1\" should be able to \"publish\" a \"Page\" owned by \"user2\""); +testRunner.And("\"user1\" should be able to \"edit\" a \"Page\" owned by \"user2\""); #line 69 -testRunner.And("\"user1\" should be able to \"edit\" a \"Page\" owned by \"user2\""); -#line 70 testRunner.And("\"user1\" should not be able to \"delete\" a \"Page\" owned by \"user2\""); #line hidden testRunner.CollectScenarioErrors(); } [NUnit.Framework.TestAttribute()] - [NUnit.Framework.DescriptionAttribute("Users can create a Page for others if they only have PublishOthers_Page")] - public virtual void UsersCanCreateAPageForOthersIfTheyOnlyHavePublishOthers_Page() + [NUnit.Framework.DescriptionAttribute("Users can create a Page for others if they only have Publish_Page")] + public virtual void UsersCanCreateAPageForOthersIfTheyOnlyHavePublish_Page() { - TechTalk.SpecFlow.ScenarioInfo scenarioInfo = new TechTalk.SpecFlow.ScenarioInfo("Users 
can create a Page for others if they only have PublishOthers_Page", ((string[])(null))); + TechTalk.SpecFlow.ScenarioInfo scenarioInfo = new TechTalk.SpecFlow.ScenarioInfo("Users can create a Page for others if they only have Publish_Page", ((string[])(null))); +#line 71 +this.ScenarioSetup(scenarioInfo); #line 72 -this.ScenarioSetup(scenarioInfo); -#line 73 testRunner.Given("I have installed Orchard"); +#line 73 +testRunner.When("I have a role \"CustomRole\" with permissions \"Publish_Page\""); #line 74 -testRunner.When("I have a role \"CustomRole\" with permissions \"PublishOthers_Page\""); -#line 75 testRunner.And("I have a user \"user1\" with roles \"CustomRole\""); -#line 76 +#line 75 testRunner.And("I have a user \"user2\" with roles \"Administrator\""); -#line 77 +#line 76 testRunner.Then("\"user1\" should be able to \"publish\" a \"Page\" owned by \"user2\""); -#line 78 +#line 77 testRunner.And("\"user1\" should be able to \"edit\" a \"Page\" owned by \"user2\""); -#line 79 +#line 78 testRunner.And("\"user1\" should not be able to \"delete\" a \"Page\" owned by \"user2\""); #line hidden testRunner.CollectScenarioErrors(); } [NUnit.Framework.TestAttribute()] - [NUnit.Framework.DescriptionAttribute("Users can delete a Page for others if they only have DeleteOthers_Page")] - public virtual void UsersCanDeleteAPageForOthersIfTheyOnlyHaveDeleteOthers_Page() + [NUnit.Framework.DescriptionAttribute("Users can delete a Page for others if they only have Delete_Page")] + public virtual void UsersCanDeleteAPageForOthersIfTheyOnlyHaveDelete_Page() { - TechTalk.SpecFlow.ScenarioInfo scenarioInfo = new TechTalk.SpecFlow.ScenarioInfo("Users can delete a Page for others if they only have DeleteOthers_Page", ((string[])(null))); -#line 81 + TechTalk.SpecFlow.ScenarioInfo scenarioInfo = new TechTalk.SpecFlow.ScenarioInfo("Users can delete a Page for others if they only have Delete_Page", ((string[])(null))); +#line 80 this.ScenarioSetup(scenarioInfo); -#line 82 +#line 81 
testRunner.Given("I have installed Orchard"); +#line 82 +testRunner.When("I have a role \"CustomRole\" with permissions \"Delete_Page\""); #line 83 -testRunner.When("I have a role \"CustomRole\" with permissions \"DeleteOthers_Page\""); -#line 84 testRunner.And("I have a user \"user1\" with roles \"CustomRole\""); -#line 85 +#line 84 testRunner.And("I have a user \"user2\" with roles \"Administrator\""); -#line 86 +#line 85 testRunner.Then("\"user1\" should not be able to \"publish\" a \"Page\" owned by \"user2\""); -#line 87 +#line 86 testRunner.And("\"user1\" should not be able to \"edit\" a \"Page\" owned by \"user2\""); -#line 88 +#line 87 testRunner.And("\"user1\" should be able to \"delete\" a \"Page\" owned by \"user2\""); +#line hidden + testRunner.CollectScenarioErrors(); + } + + [NUnit.Framework.TestAttribute()] + [NUnit.Framework.DescriptionAttribute("Users can\'t delete a Page for others if they only have DeleteOwn_Page")] + public virtual void UsersCanTDeleteAPageForOthersIfTheyOnlyHaveDeleteOwn_Page() + { + TechTalk.SpecFlow.ScenarioInfo scenarioInfo = new TechTalk.SpecFlow.ScenarioInfo("Users can\'t delete a Page for others if they only have DeleteOwn_Page", ((string[])(null))); +#line 90 +this.ScenarioSetup(scenarioInfo); +#line 91 +testRunner.Given("I have installed Orchard"); +#line 92 +testRunner.When("I have a role \"CustomRole\" with permissions \"DeleteOwn_Page\""); +#line 93 +testRunner.And("I have a user \"user1\" with roles \"CustomRole\""); +#line 94 +testRunner.And("I have a user \"user2\" with roles \"Administrator\""); +#line 95 +testRunner.Then("\"user1\" should not be able to \"publish\" a \"Page\" owned by \"user2\""); +#line 96 +testRunner.And("\"user1\" should not be able to \"edit\" a \"Page\" owned by \"user2\""); +#line 97 +testRunner.And("\"user1\" should not be able to \"delete\" a \"Page\" owned by \"user2\""); #line hidden testRunner.CollectScenarioErrors(); } 
diff --git a/src/Orchard.Web/Core/Common/Security/AuthorizationEventHandler.cs b/src/Orchard.Web/Core/Common/Security/AuthorizationEventHandler.cs index fa0beacfb..a91fe6dbc 100644 --- a/src/Orchard.Web/Core/Common/Security/AuthorizationEventHandler.cs +++ b/src/Orchard.Web/Core/Common/Security/AuthorizationEventHandler.cs @@ -2,6 +2,8 @@ using JetBrains.Annotations; using Orchard.ContentManagement; using Orchard.ContentManagement.Aspects; using Orchard.Core.Common.Models; +using Orchard.Core.Contents; +using Orchard.Core.Contents.Settings; using Orchard.Security; using Orchard.Security.Permissions; 
@@ -13,17 +15,49 @@ namespace Orchard.Core.Common.Security public void Checking(CheckAccessContext context) { } public void Complete(CheckAccessContext context) { } - public void Adjust(CheckAccessContext context) - { - if (!context.Granted && - context.Content.Is() && - OwnerVariationExists(context.Permission) && - HasOwnership(context.User, context.Content)) - { + public void Adjust(CheckAccessContext context) { + if ( !context.Granted && + context.Content.Is() ) { - context.Adjusted = true; - context.Permission = GetOwnerVariation(context.Permission); + if (OwnerVariationExists(context.Permission) && + HasOwnership(context.User, context.Content)) { + + context.Adjusted = true; + context.Permission = GetOwnerVariation(context.Permission); + } + + var typeDefinition = context.Content.ContentItem.TypeDefinition; + + // replace permission if a more specific version exists + if ( typeDefinition.Settings.GetModel().Creatable ) { + var permission = context.Permission; + + if ( context.Permission.Name == Contents.Permissions.PublishOwnContent.Name ) { + permission = DynamicPermissions.CreateDynamicPersion(DynamicPermissions.PublishOwnContent, typeDefinition); + } + else if ( context.Permission.Name == Contents.Permissions.EditOwnContent.Name ) { + permission = DynamicPermissions.CreateDynamicPersion(DynamicPermissions.EditOwnContent, typeDefinition); + } + else if ( context.Permission.Name == Contents.Permissions.DeleteOwnContent.Name ) { + permission = DynamicPermissions.CreateDynamicPersion(DynamicPermissions.DeleteOwnContent, typeDefinition); + } + else if ( context.Permission.Name == Contents.Permissions.PublishContent.Name ) { + permission = DynamicPermissions.CreateDynamicPersion(DynamicPermissions.PublishContent, typeDefinition); + } + else if ( context.Permission.Name == Contents.Permissions.EditContent.Name ) { + permission = DynamicPermissions.CreateDynamicPersion(DynamicPermissions.EditContent, typeDefinition); + } + else if ( context.Permission.Name == 
Contents.Permissions.DeleteContent.Name ) { + permission = DynamicPermissions.CreateDynamicPersion(DynamicPermissions.DeleteContent, typeDefinition); + } + + if ( permission != context.Permission ) { + context.Adjusted = true; + context.Permission = permission; + } + } } + } private static bool HasOwnership(IUser user, IContent content) @@ -45,12 +79,12 @@ namespace Orchard.Core.Common.Security private static Permission GetOwnerVariation(Permission permission) { - if (permission.Name == Contents.Permissions.PublishOthersContent.Name) - return Contents.Permissions.PublishContent; - if (permission.Name == Contents.Permissions.EditOthersContent.Name) - return Contents.Permissions.EditContent; - if (permission.Name == Contents.Permissions.DeleteOthersContent.Name) - return Contents.Permissions.DeleteContent; + if (permission.Name == Contents.Permissions.PublishContent.Name) + return Contents.Permissions.PublishOwnContent; + if (permission.Name == Contents.Permissions.EditContent.Name) + return Contents.Permissions.EditOwnContent; + if (permission.Name == Contents.Permissions.DeleteContent.Name) + return Contents.Permissions.DeleteOwnContent; return null; } } diff --git a/src/Orchard.Web/Core/Contents/AuthorizationEventHandler.cs b/src/Orchard.Web/Core/Contents/AuthorizationEventHandler.cs deleted file mode 100644 index 1eca153b9..000000000 --- a/src/Orchard.Web/Core/Contents/AuthorizationEventHandler.cs +++ /dev/null 
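Review bot: The per-type replacement in `Adjust` now runs only inside the `context.Content.Is()` branch (its type argument is not shown on this page), whereas the deleted `Orchard.Core.Contents.AuthorizationEventHandler` applied it to any non-null content. If a Creatable type lacks that part, a role holding only a per-type permission such as `Edit_Page` would no longer be matched for it; the failure is closed, but it is an authorization behaviour change the commit does not mention. If the narrowing is not intended, move the block out of that branch behind the deleted handler's guard, `if ( context.Granted || context.Content == null ) return;`. Either way, a comment such as `// step 1: owner variation; step 2: per-type variant of whatever step 1 produced` would make the ordering dependency between the two rewrites explicit.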
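Review bot: `GetOwnerVariation` now treats `PublishContent`, `EditContent` and `DeleteContent` as the any-owner permissions, whereas the removed lines returned those same names as the owner-only variation of the `*OthersContent` permissions. If role grants are persisted by permission name (not visible here), a role that already holds `PublishContent` or `Publish_Page` would begin to authorize changes to other users' content after upgrade, and nothing in the visible part of this diff rewrites existing grants. A data migration that maps stored `PublishContent` to `PublishOwnContent` and stored `PublishOthersContent` to `PublishContent` (likewise for edit, delete and the per-type names) would keep existing roles at their current reach. The same inversion applies to the `DynamicPermissions` templates and the `AdminController` calls further down. A comment on this method such as `// maps an any-owner permission to its owner-only counterpart, or null if there is none` would document the new direction.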
@@ -1,80 +0,0 @@ -using System; -using JetBrains.Annotations; -using Orchard.ContentManagement; -using Orchard.ContentManagement.Aspects; -using Orchard.Core.Contents.Settings; -using Orchard.Security; -using Orchard.Security.Permissions; - -namespace Orchard.Core.Contents { - [UsedImplicitly] - public class AuthorizationEventHandler : IAuthorizationServiceEventHandler { - public void Checking(CheckAccessContext context) { } - public void Complete(CheckAccessContext context) { } - - public void Adjust(CheckAccessContext context) { - if ( context.Granted || context.Content == null ) - return; - - var typeDefinition = context.Content.ContentItem.TypeDefinition; - - // replace permission if more specific version exists - if ( typeDefinition.Settings.GetModel().Creatable ) { - var permission = context.Permission; - - if ( context.Permission.Name == Permissions.PublishContent.Name ) - permission = DynamicPermissions.CreateDynamicPersion(DynamicPermissions.PublishContent, typeDefinition); - if ( context.Permission.Name == Permissions.EditContent.Name ) - permission = DynamicPermissions.CreateDynamicPersion(DynamicPermissions.EditContent, typeDefinition); - if ( context.Permission.Name == Permissions.DeleteContent.Name ) - permission = DynamicPermissions.CreateDynamicPersion(DynamicPermissions.DeleteContent, typeDefinition); - - if ( context.Permission.Name == Permissions.PublishOthersContent.Name ) - permission = DynamicPermissions.CreateDynamicPersion(DynamicPermissions.PublishOthersContent, typeDefinition); - if ( context.Permission.Name == Permissions.EditOthersContent.Name ) - permission = DynamicPermissions.CreateDynamicPersion(DynamicPermissions.EditOthersContent, typeDefinition); - if ( context.Permission.Name == Permissions.DeleteOthersContent.Name ) - permission = DynamicPermissions.CreateDynamicPersion(DynamicPermissions.DeleteOthersContent, typeDefinition); - - // converts the permission if the owner is someone else - if ( HasOtherOwner(context.User, 
context.Content) ) { - - if ( permission.Name == String.Format(DynamicPermissions.PublishContent.Name, typeDefinition.Name) ) - permission = DynamicPermissions.CreateDynamicPersion(DynamicPermissions.PublishOthersContent, typeDefinition); - if ( permission.Name == String.Format(DynamicPermissions.EditContent.Name, typeDefinition.Name) ) - permission = DynamicPermissions.CreateDynamicPersion(DynamicPermissions.EditOthersContent, typeDefinition); - if ( permission.Name == String.Format(DynamicPermissions.DeleteContent.Name, typeDefinition.Name) ) - permission = DynamicPermissions.CreateDynamicPersion(DynamicPermissions.DeleteOthersContent, typeDefinition); - } - - if ( permission != context.Permission ) { - context.Adjusted = true; - context.Permission = permission; - } - } - } - - private static bool HasOtherOwner(IUser user, IContent content) { - if ( user == null || content == null ) - return false; - - var common = content.As(); - if ( common == null || common.Owner == null ) - return false; - - return user.Id != common.Owner.Id; - } - - private static Permission GetOwnerVariation(Permission permission) - { - if (permission.Name == Contents.Permissions.PublishOthersContent.Name) - return Contents.Permissions.PublishContent; - if (permission.Name == Contents.Permissions.EditOthersContent.Name) - return Contents.Permissions.EditContent; - if (permission.Name == Contents.Permissions.DeleteOthersContent.Name) - return Contents.Permissions.DeleteContent; - return null; - } - } -} - diff --git a/src/Orchard.Web/Core/Contents/Controllers/AdminController.cs b/src/Orchard.Web/Core/Contents/Controllers/AdminController.cs index 43eeaa005..184fa87cd 100644 --- a/src/Orchard.Web/Core/Contents/Controllers/AdminController.cs +++ b/src/Orchard.Web/Core/Contents/Controllers/AdminController.cs 
@@ -251,7 +251,7 @@ namespace Orchard.Core.Contents.Controllers { if (contentItem == null) return new NotFoundResult(); - if (!Services.Authorizer.Authorize(Permissions.EditOthersContent, contentItem, T("Cannot edit content"))) + if (!Services.Authorizer.Authorize(Permissions.EditContent, contentItem, T("Cannot edit content"))) return new HttpUnauthorizedResult(); var model = _contentManager.BuildEditorModel(contentItem); @@ -266,7 +266,7 @@ namespace Orchard.Core.Contents.Controllers { if (contentItem == null) return new NotFoundResult(); - if (!Services.Authorizer.Authorize(Permissions.EditOthersContent, contentItem, T("Couldn't edit content"))) + if (!Services.Authorizer.Authorize(Permissions.EditContent, contentItem, T("Couldn't edit content"))) return new HttpUnauthorizedResult(); var model = _contentManager.UpdateEditorModel(contentItem, this); @@ -289,7 +289,7 @@ namespace Orchard.Core.Contents.Controllers { public ActionResult RemovePOST(int id, string returnUrl) { var contentItem = _contentManager.Get(id, VersionOptions.Latest); - if (!Services.Authorizer.Authorize(Permissions.DeleteOthersContent, contentItem, T("Couldn't remove content"))) + if (!Services.Authorizer.Authorize(Permissions.DeleteContent, contentItem, T("Couldn't remove content"))) return new HttpUnauthorizedResult(); if (contentItem != null) { diff --git a/src/Orchard.Web/Core/Contents/DynamicPermissions.cs b/src/Orchard.Web/Core/Contents/DynamicPermissions.cs index b4fdecde7..df4720061 100644 --- a/src/Orchard.Web/Core/Contents/DynamicPermissions.cs +++ b/src/Orchard.Web/Core/Contents/DynamicPermissions.cs 
@@ -9,14 +9,14 @@ using Orchard.Security.Permissions; namespace Orchard.Core.Contents { public class DynamicPermissions : IPermissionProvider { - public static readonly Permission PublishOthersContent = new Permission { Description = "Publish or unpublish {0} for others", Name = "PublishOthers_{0}", ImpliedBy = new[] { Permissions.PublishOthersContent } }; - public static readonly Permission PublishContent = new Permission { Description = "Publish or unpublish {0}", Name = "Publish_{0}", ImpliedBy = new[] { PublishOthersContent, Permissions.PublishContent } }; - public static readonly Permission EditOthersContent = new Permission { Description = "Edit {0} for others", Name = "EditOthers_{0}", ImpliedBy = new[] { PublishOthersContent, Permissions.EditOthersContent } }; - public static readonly Permission EditContent = new Permission { Description = "Edit {0}", Name = "EditContent", ImpliedBy = new[] { EditOthersContent, PublishContent, Permissions.EditContent } }; - public static readonly Permission DeleteOthersContent = new Permission { Description = "Delete {0} for others", Name = "DeleteOthers_{0}", ImpliedBy = new[] { Permissions.DeleteOthersContent } }; - public static readonly Permission DeleteContent = new Permission { Description = "Delete {0}", Name = "Delete_{0}", ImpliedBy = new[] { DeleteOthersContent, Permissions.DeleteContent } }; + public static readonly Permission PublishContent = new Permission { Description = "Publish or unpublish {0} for others", Name = "Publish_{0}", ImpliedBy = new[] { Permissions.PublishContent } }; + public static readonly Permission PublishOwnContent = new Permission { Description = "Publish or unpublish {0}", Name = "PublishOwn_{0}", ImpliedBy = new[] { PublishContent, Permissions.PublishOwnContent } }; + public static readonly Permission EditContent = new Permission { Description = "Edit {0} for others", Name = "Edit_{0}", ImpliedBy = new[] { PublishContent, Permissions.PublishContent } }; + public static readonly 
Permission EditOwnContent = new Permission { Description = "Edit {0}", Name = "EditOwn_{0}", ImpliedBy = new[] { EditContent, PublishOwnContent, Permissions.EditOwnContent } }; + public static readonly Permission DeleteContent = new Permission { Description = "Delete {0} for others", Name = "Delete_{0}", ImpliedBy = new[] { Permissions.DeleteContent } }; + public static readonly Permission DeleteOwnContent = new Permission { Description = "Delete {0}", Name = "DeleteOwn_{0}", ImpliedBy = new[] { DeleteContent, Permissions.DeleteOwnContent } }; - public static readonly Permission[] PermissionTemplates = new[] {PublishOthersContent, PublishContent, EditOthersContent, EditContent, DeleteOthersContent, DeleteContent}; + public static readonly Permission[] PermissionTemplates = new[] {PublishContent, PublishOwnContent, EditContent, EditOwnContent, DeleteContent, DeleteOwnContent}; private readonly IContentDefinitionManager _contentDefinitionManager; diff --git a/src/Orchard.Web/Core/Contents/Permissions.cs b/src/Orchard.Web/Core/Contents/Permissions.cs index a4b82e0e3..469c0f84a 100644 --- a/src/Orchard.Web/Core/Contents/Permissions.cs +++ b/src/Orchard.Web/Core/Contents/Permissions.cs 
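Review bot: The new per-type `EditContent` template lists `ImpliedBy = new[] { PublishContent, Permissions.PublishContent }`, where the line it replaces named the site-wide edit permission (`Permissions.EditOthersContent`) and every sibling template names its own site-wide counterpart. As written, the site-wide `Permissions.EditContent` does not appear to imply `Edit_{0}`, so a role holding only the site-wide edit permission may be refused on a per-type check. `Permissions.PublishContent` is also already reachable through `PublishContent`. The list likely should read `ImpliedBy = new[] { PublishContent, Permissions.EditContent }`. How the authorization service walks `ImpliedBy` is not visible here, so a spec scenario for a role that holds only `EditContent` would confirm it.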
@@ -4,25 +4,25 @@ using Orchard.Security.Permissions; namespace Orchard.Core.Contents { public class Permissions : IPermissionProvider { - public static readonly Permission PublishOthersContent = new Permission { Description = "Publish or unpublish content for others", Name = "PublishOthersContent" }; - public static readonly Permission PublishContent = new Permission { Description = "Publish or unpublish content", Name = "PublishContent", ImpliedBy = new[] { PublishOthersContent } }; - public static readonly Permission EditOthersContent = new Permission { Description = "Edit content for others", Name = "EditOthersContent", ImpliedBy = new[] { PublishOthersContent } }; - public static readonly Permission EditContent = new Permission { Description = "Edit content", Name = "EditContent", ImpliedBy = new[] { EditOthersContent, PublishContent } }; - public static readonly Permission DeleteOthersContent = new Permission { Description = "Delete content for others", Name = "DeleteOthersContent" }; - public static readonly Permission DeleteContent = new Permission { Description = "Delete content", Name = "DeleteContent", ImpliedBy = new[] { DeleteOthersContent } }; + public static readonly Permission PublishContent = new Permission { Description = "Publish or unpublish content for others", Name = "PublishContent" }; + public static readonly Permission PublishOwnContent = new Permission { Description = "Publish or unpublish content", Name = "PublishOwnContent", ImpliedBy = new[] { PublishContent } }; + public static readonly Permission EditContent = new Permission { Description = "Edit content for others", Name = "EditContent", ImpliedBy = new[] { PublishContent } }; + public static readonly Permission EditOwnContent = new Permission { Description = "Edit content", Name = "EditOwnContent", ImpliedBy = new[] { EditContent, PublishOwnContent } }; + public static readonly Permission DeleteContent = new Permission { Description = "Delete content for others", Name = 
"DeleteContent" }; + public static readonly Permission DeleteOwnContent = new Permission { Description = "Delete content", Name = "DeleteOwnContent", ImpliedBy = new[] { DeleteContent } }; - public static readonly Permission MetaListContent = new Permission { ImpliedBy = new[] { EditContent, PublishContent, DeleteContent } }; + public static readonly Permission MetaListContent = new Permission { ImpliedBy = new[] { EditOwnContent, PublishOwnContent, DeleteOwnContent } }; public virtual Feature Feature { get; set; } public IEnumerable GetPermissions() { return new [] { + EditOwnContent, EditContent, - EditOthersContent, + PublishOwnContent, PublishContent, - PublishOthersContent, + DeleteOwnContent, DeleteContent, - DeleteOthersContent, }; } @@ -30,11 +30,11 @@ namespace Orchard.Core.Contents { return new[] { new PermissionStereotype { Name = "Administrator", - Permissions = new[] {PublishOthersContent,EditOthersContent,DeleteOthersContent} + Permissions = new[] {PublishContent,EditContent,DeleteContent} }, new PermissionStereotype { Name = "Editor", - Permissions = new[] {PublishOthersContent,EditOthersContent,DeleteOthersContent} + Permissions = new[] {PublishContent,EditContent,DeleteContent} }, new PermissionStereotype { Name = "Moderator", @@ -42,11 +42,11 @@ namespace Orchard.Core.Contents { }, new PermissionStereotype { Name = "Author", - Permissions = new[] {PublishContent,EditContent,DeleteContent} + Permissions = new[] {PublishOwnContent,EditOwnContent,DeleteOwnContent} }, new PermissionStereotype { Name = "Contributor", - Permissions = new[] {EditContent} + Permissions = new[] {EditOwnContent} }, }; } diff --git a/src/Orchard.Web/Core/Orchard.Core.csproj b/src/Orchard.Web/Core/Orchard.Core.csproj index 0275d63d5..85c9ffd70 100644 --- a/src/Orchard.Web/Core/Orchard.Core.csproj +++ b/src/Orchard.Web/Core/Orchard.Core.csproj @@ -86,7 +86,6 @@ -
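Review bot: The names `PublishContent`, `EditContent` and `DeleteContent` are kept but now mean "for others", whereas before this change they were the own-content permissions; the per-type `Publish_{0}` and `Delete_{0}` templates in DynamicPermissions.cs flip the same way. If role assignments are stored by permission name, an existing role that was granted the own-content `EditContent` would gain rights over other users' content after upgrade, while roles granted `PublishOthersContent`, `EditOthersContent` or `DeleteOthersContent` would lose them. No data migration is visible in this part of the diff. One that rewrites stored names (old `PublishContent` to `PublishOwnContent`, old `PublishOthersContent` to `PublishContent`, and likewise for edit and delete) would keep existing grants equivalent. The stereotype changes in the last hunk presumably only set defaults and would not correct roles that already exist.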